How to allow unsafe-eval and Remote Script - CSP Content Security Policy

StackOverflow https://stackoverflow.com/questions/14958829

문제

"GOOGLE EXTENSION WEB APP"

Drives me nuts.

I can't manage to have unsafe-eval and remote script both working.

I can have unsafe eval but the remove script doesn't work. And vice verso.

What failed:

Eval and Remote

"content_security_policy": "script-src https://connect.facebook.net 'unsafe-eval'; object-src 'self' "

What works:

Only Remote

"content_security_policy": "script-src 'self' https://connect.facebook.net; object-src 'self' "

Only Eval

"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self' "

How to have both ?

도움이 되었습니까?

해결책

Just merge the directive values:

script-src 'self' 'unsafe-eval' https://connect.facebook.net; object-src 'self'
라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top